Description
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Hewlett Packard Enterprise (HPE) / Aruba ClearPass Policy Manager6.11.1 and below – 6.11.1 and below
- Hewlett Packard Enterprise (HPE) / Aruba ClearPass Policy Manager6.10.8 and below – 6.10.8 and below
- Hewlett Packard Enterprise (HPE) / Aruba ClearPass Policy Manager6.9.13 and below – 6.9.13 and below